Evolution of the Cybersecurity Definition
- Original definition: stop cyber threats from getting into our environment.
- Old definition: try to stop cyber threats from getting into our environment, and detect systems that get infected with viruses and/or malware.
- Current definition: threats continually navigate through our environment. Ultimately we need to be able to prevent, detect and respond.

The Cyber/Data Breach Landscape (Source: Verizon, 2015 Data Breach Investigations Report)
- 700m: records compromised
- $400m: financial losses
- >200 days: average time from breach until discovery
- >60%: companies that learn they have been breached from a third party (customer, partner, vendor, etc.)
- 60%: cases where attackers were able to compromise an organization within minutes
- 40%: controls determined to be most effective that fall into the "quick win" category
Most recorded attacks stem from external threat actors, but internal threat actors are on the rise. Breaches increasingly come from "unknown unknowns": almost every breached organization had up-to-date antivirus.

A Sample of the World's Biggest Data Breaches (chart; source not reproduced)

Boards of Directors' Attention
Boards of Directors are increasingly inquiring about cybersecurity as they see news of breaches, hear about increased regulatory scrutiny, and grow more concerned about cybersecurity risks.
NACD Guidance: the National Association of Corporate Directors (NACD) recently released guidance encouraging the full Board (not just the audit committee) to receive regular briefings on information security, and provided five principles for Board involvement. Source: NACD Cyber-Risk Oversight Handbook.

What Are Organizations Doing?
- Evaluating security risks from key vendors and partners
- Employing tools to help answer the questions "are we already breached?" and "how would we know if a breach occurs?"
- Identifying critical data (the "crown jewels") and how it is being controlled
- Assessing internal and external vulnerabilities and performing periodic penetration tests
- Training and awareness to raise the education of employees
- Evaluating the breach kill chain
- Developing (and testing) breach response plans
- Wrapping all of this into a holistic security program that is continuous and ongoing

NIST Cybersecurity Framework (CSF)
Background: In February 2013, President Barack Obama signed an Executive Order launching the development of a Cybersecurity Framework. Individuals and organizations around the world provided their thoughts on the kinds of standards, best practices, and guidelines that would meaningfully improve critical infrastructure cybersecurity. NIST published the Framework on February 12th.
The Framework leverages ISO 2700x, COBIT, ISO 31000, other ISO standards, and FISMA (NIST guidance). Major differences include:
- The inclusion of a maturity model definition to express security readiness.
- The intention to outline an organization's current state of security maturity as well as a desired state.
- A framework to compare/contrast an organization's security maturity to that of other organizations.
Benefits:
- For organizations that don't know where to start, the Framework provides a road map.
- For organizations with more advanced cybersecurity, the Framework offers a way to better communicate their cyber risks internally and externally.

Cyber Kill Chain: Attack, Defense and Internal Controls
The Cyber Kill Chain phases: Reconnaissance, Weaponization, Delivery, Exploitation, Installation, Command and Control, Actions on Objectives.
The attack can be disrupted at any point in the kill chain. Ideally, a company will have controls at each point to create a defense in depth strategy. As the kill chain model shows, cyber attacks can and do incorporate a broad range of malevolent actions, from spear phishing and espionage to malware and data exfiltration, and may persist undetected for an indefinite period.

Defensive Enhancements and Audits: Governance Review
- Engage executive leadership through reporting and visibility.
- Ensure security is aligned to the business.
- Establish a strong control environment as well as decision-making authorities and accountabilities.
- Are we doing the right things? Are we getting the benefits? Are we doing them the right way? Are we doing them well?

Defensive Enhancements and Audits: Cybersecurity Audits
Server Configuration Reviews
- Do we have a defined (and documented) standard for all of the servers in our environment?
- Are we running the appropriate security software?
- Are all of our systems up to date? (Not just the operating system: applications, libraries and firmware count too.)
Network Architecture Reviews
- For data theft, attackers don't win unless they get your data out of your network. Are we enforcing strong egress/outbound filtering?
- Do we have internal segmentation of systems that store, process and transmit sensitive data?
- Are there any back doors into the network (e.g. rogue wireless)?
- Can we see what's happening on the network?

Defensive Enhancements and Audits: Cybersecurity Audits (continued)
Application Configuration Reviews and Whitelisting
- What you don't know can kill you: only execute what you know is good.
- Requires a detailed partnership with IT, but the results can prevent many types of attacks, particularly malware, including custom malware that signature-based tools have never seen.
- Do we effectively manage compliance with the privacy choices we give our consumers, even if not required by regulation?
Accounts and Privileges Audit
- What is our organization's policy on access and need-to-know?
- Have we appropriately restricted access to powerful credentials?
- Are administrators in the organization sharing accounts and passwords?
- Don't forget those local user accounts!
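The accounts-and-privileges questions above can be turned into a repeatable check. The following is an added example, not code from the presentation: it audits constructed Linux account files (passwd, group and sudoers content embedded inline, not from any real host) for the conditions an auditor would ask about: hidden UID 0 accounts, two names sharing one UID (which makes log attribution impossible), passwordless "ALL" sudo grants, and generic or shared names holding privilege. The file contents, the privileged-group names and the list of generic account names are assumptions for the example; the sudoers parser handles only simple single-line rules.

```python
"""Added example (not from the original presentation): an accounts-and-
privileges audit over constructed Linux account files.  It answers the
slide's questions for local accounts: who holds root-equivalent power,
which accounts look shared or generic, and who can escalate without a
password.  All data, group names and heuristics are assumptions."""
import re

# Constructed sample data (not taken from a real host).
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
sysadm:x:0:0:legacy admin:/root:/bin/bash
alice:x:1001:1001:Alice:/home/alice:/bin/bash
bob:x:1002:1002:Bob:/home/bob:/bin/bash
deploy:x:1003:1003:shared deploy account:/home/deploy:/bin/bash
ops:x:1003:1003:ops:/home/ops:/bin/bash
oracle:x:1010:1010:oracle:/opt/oracle:/bin/bash
"""

GROUP = """\
root:x:0:
sudo:x:27:alice,deploy,oracle
wheel:x:10:bob
users:x:100:alice,bob
"""

SUDOERS = """\
# constructed sudoers
root    ALL=(ALL:ALL) ALL
%sudo   ALL=(ALL:ALL) ALL
deploy  ALL=(ALL) NOPASSWD: ALL
oracle  ALL=(ALL) NOPASSWD: /usr/bin/systemctl restart oracle
"""

# Assumed policy inputs: groups that confer admin rights, and account names
# that usually indicate a shared rather than personal identity.
PRIVILEGED_GROUPS = {"root", "sudo", "wheel", "admin"}
GENERIC_NAMES = {"admin", "administrator", "deploy", "ops", "shared", "test", "guest"}


def parse_passwd(text):
    """name -> {uid, gid, gecos, shell}; comments and blank lines are skipped."""
    users = {}
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        name, _, uid, gid, gecos, home, shell = line.split(":")
        users[name] = {"uid": int(uid), "gid": int(gid), "gecos": gecos, "shell": shell}
    return users


def parse_group(text):
    """group name -> set of supplementary members."""
    groups = {}
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        gname, _, gid, members = line.split(":")
        groups[gname] = {m for m in members.split(",") if m}
    return groups


def nopasswd_all(sudoers):
    """Users or %groups granted 'NOPASSWD: ALL' (simplified one-line rule parser)."""
    rule = re.compile(r"^(?P<who>\S+)\s+\S+=\(.*?\)\s+NOPASSWD:\s*ALL\s*$")
    return {m.group("who") for m in (rule.match(l) for l in sudoers.splitlines()) if m}


def audit(passwd=PASSWD, group=GROUP, sudoers=SUDOERS):
    users, groups = parse_passwd(passwd), parse_group(group)
    findings = []
    # 1. Any UID 0 account other than root is a second, usually unmanaged, superuser.
    for name, u in users.items():
        if u["uid"] == 0 and name != "root":
            findings.append(("uid0", name))
    # 2. Duplicate UIDs: two names, one identity; audit logs cannot attribute actions.
    by_uid = {}
    for name, u in users.items():
        by_uid.setdefault(u["uid"], []).append(name)
    for uid, names in by_uid.items():
        if uid != 0 and len(names) > 1:
            findings.append(("shared-uid", ",".join(sorted(names))))
    # 3. Collect everyone who is privileged via group, UID 0 or passwordless sudo.
    privileged = set()
    for g in PRIVILEGED_GROUPS & set(groups):
        privileged |= groups[g]
    privileged |= {n for n, u in users.items() if u["uid"] == 0}
    for who in nopasswd_all(sudoers):
        if who.startswith("%"):
            privileged |= groups.get(who[1:], set())
        else:
            privileged.add(who)
            findings.append(("nopasswd-all", who))
    # 4. Privileged accounts with generic names or "shared" in the description
    #    are the shared-admin-credential problem the slide warns about.
    for name in sorted(privileged):
        gecos = users.get(name, {}).get("gecos", "").lower()
        if name in GENERIC_NAMES or "shared" in gecos:
            findings.append(("generic-privileged", name))
    return {"privileged": sorted(privileged), "findings": sorted(findings)}


if __name__ == "__main__":
    result = audit()
    print("privileged accounts:", ", ".join(result["privileged"]))
    for kind, detail in result["findings"]:
        print(f"{kind}: {detail}")
```

On the sample data the audit reports six privileged identities and four findings: the hidden UID 0 account sysadm, the deploy/ops pair sharing UID 1003, deploy's passwordless sudo to everything, and deploy as a generic privileged name. The same structure applies to a directory export or a Windows local-administrators dump; only the parsers change.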

Defensive Enhancements and Audits: Review Logging and Monitoring Capabilities
SIEM Pre/Post Implementation Review. Did we define goals, and did we accomplish them?
- Verify use cases with technicians and end users.
- Assess which log sources were successfully added to the SIEM.
- Are reporting and alerting configured and functioning?
- Are supporting processes in place?
Technical considerations: involves both technical and non-technical team members; potentially challenging to perform post implementation if goals were not defined up front.
Reporting considerations: may outline steps that were missed during the implementation; helps to refine processes and enforce completeness of the implementation.
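Here is an added example, not code from the presentation, of what the SIEM post-implementation review above looks like when it is actually executed, using the egress-filtering question from the network architecture review as the use case. It replays constructed firewall log lines (embedded inline, not real traffic) through one detection rule and checks two things the review asks about: whether every expected log source delivered events in the review window, and whether the alert fires on the traffic the use case was written for. The log format, firewall host names, allowlisted egress ports and the internal resolver address are all assumptions for the example.

```python
"""Added example (not from the original presentation): a miniature SIEM
post-implementation check.  It replays constructed firewall log lines through
one egress-filtering use case and verifies (1) that every expected log source
actually delivered events in the review window and (2) that the alert rule
fires on the traffic it was written for.  Log format, host names, ports and
addresses are assumptions for the example."""
from datetime import datetime, timedelta
import re

# Constructed sample: syslog-style lines from two perimeter firewalls.  The
# last line is deliberately malformed to show that parser gaps are surfaced.
SAMPLE_LOGS = """\
2015-06-01T10:00:01 fw-edge-1 OUTBOUND src=10.1.4.22 dst=203.0.113.10 dport=443 action=ALLOW
2015-06-01T10:00:05 fw-edge-1 OUTBOUND src=10.1.4.22 dst=198.51.100.7 dport=443 action=ALLOW
2015-06-01T10:00:09 fw-edge-1 OUTBOUND src=10.1.9.50 dst=198.51.100.7 dport=6667 action=ALLOW
2015-06-01T10:00:12 fw-edge-1 OUTBOUND src=10.1.9.50 dst=192.0.2.99 dport=53 action=ALLOW
2015-06-01T10:01:00 fw-edge-1 OUTBOUND src=10.1.9.50 dst=192.0.2.99 dport=53 action=ALLOW
2015-06-01T10:01:30 fw-edge-1 OUTBOUND src=10.1.9.50 dst=192.0.2.99 dport=53 action=ALLOW
2015-06-01T10:02:00 fw-edge-2 OUTBOUND src=10.2.0.8 dst=203.0.113.10 dport=443 action=ALLOW
2015-06-01T10:02:30 fw-edge-2 heartbeat
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) (?P<dir>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) "
    r"dport=(?P<dport>\d+) action=(?P<action>\S+)$"
)

# Assumed egress policy the use case enforces: only web ports may leave
# directly, and DNS must go through the internal resolver.
ALLOWED_EGRESS_PORTS = {80, 443}
INTERNAL_RESOLVER = "10.1.0.53"


def parse(raw):
    """Turn raw lines into dicts.  Unparsable lines are returned separately so
    the reviewer sees parser gaps instead of silently losing events."""
    events, rejected = [], []
    for line in raw.splitlines():
        m = LINE_RE.match(line)
        if not m:
            rejected.append(line)
            continue
        ev = m.groupdict()
        ev["dport"] = int(ev["dport"])
        ev["ts"] = datetime.fromisoformat(ev["ts"])
        events.append(ev)
    return events, rejected


def check_log_sources(events, expected_hosts, window_end, max_silence):
    """Which expected sources sent nothing within `max_silence` of `window_end`?
    A silent source is a blind spot, whatever the SIEM console says."""
    last_seen = {}
    for ev in events:
        last_seen[ev["host"]] = max(ev["ts"], last_seen.get(ev["host"], ev["ts"]))
    return sorted(h for h in expected_hosts
                  if h not in last_seen or window_end - last_seen[h] > max_silence)


def egress_alerts(events):
    """Use case: outbound traffic the egress policy should not have allowed.
    Returns deduplicated (src, dst, dport, reason) tuples."""
    alerts = set()
    for ev in events:
        if ev["dir"] != "OUTBOUND" or ev["action"] != "ALLOW":
            continue
        if ev["dport"] == 53 and ev["dst"] != INTERNAL_RESOLVER:
            alerts.add((ev["src"], ev["dst"], 53, "direct external DNS"))
        elif ev["dport"] not in ALLOWED_EGRESS_PORTS | {53}:
            alerts.add((ev["src"], ev["dst"], ev["dport"], "non-allowlisted egress port"))
    return sorted(alerts)


def run_review(raw=SAMPLE_LOGS, expected_hosts=("fw-edge-1", "fw-edge-2", "fw-dmz-1")):
    """One review pass: parse, check source coverage, run the use case."""
    events, rejected = parse(raw)
    window_end = max(ev["ts"] for ev in events)
    silent = check_log_sources(events, expected_hosts, window_end, timedelta(minutes=30))
    return {"parsed": len(events), "rejected": rejected,
            "silent_sources": silent, "alerts": egress_alerts(events)}


if __name__ == "__main__":
    for key, value in run_review().items():
        print(f"{key}: {value}")
```

The review output on the sample shows the three answers the slide asks for: one expected source (the DMZ firewall) never reported, so a log source is missing; one line did not parse, so the parser needs work before the use case can be trusted; and the rule fires on both an IRC-port connection and direct external DNS from the same host, which is the kind of egress a strong outbound policy should have blocked in the first place. Running a constructed replay like this against the real SIEM's rule is the "are reporting and alerting functioning" check done with evidence rather than a checkbox.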

Defensive Enhancements and Audits: Incident Response Testing and Training
Tabletop Testing
- Can be executed quickly.
- Testing has a low technical impact.
- A suite of technical tools (automated and manual) is not required.
- Quality of the testing depends on attendance and participation in the tabletop exercise.
- Recommendations tend to focus on process improvement.
Technical Testing
- May require more coordination with IT, Information Security and other departments.
- Testing has more technical impact and requires more technical involvement.
- A suite of technical tools (automated and manual) is required.
- Quality of the testing depends on attendance and participation in the technical exercise.
- Recommendations tend to focus on technical improvement.

Defensive Enhancements and Audits: Awareness Training Program Review
- How much awareness training does your average employee receive annually?
- Does the program include techniques for both prevention and detection? We can't properly respond if we don't know we are being attacked.
- Enhancements through gamification of security training.
- Periodic testing through social engineering campaigns.

Rethinking our Strategy
2. Cybersecurity is still a people problem
- Organizations must focus on high impact vulnerabilities and high likelihood risks.
- Security is not "fire and forget".
- Preventative controls are not 100% effective. When they fail, we need a detective control in place.
- We can't respond to attacks we don't see coming.

Rethinking our Strategy
3. Prevention is ideal but detection is a must
Time Based Security: let Pt be the time our protective controls can hold off an attacker, Dt the time it takes us to detect the attack, and Rt the time it takes us to respond.
- Pt > Dt + Rt: life is good. The attack is detected and stopped before protection fails.
- Pt < Dt + Rt: life is bad. The attacker has an exposure window of (Dt + Rt) - Pt during which nothing stands in the way.
Source: Time Based Security by Winn Schwartau
